[Openid-specs-ab] Issue #1189: behaviour of unknown prompt values not clear / RP has no way to know if server supports prompt=create (openid/connect)
issues-reply at bitbucket.org
Fri Sep 25 10:18:41 UTC 2020
New issue 1189: behaviour of unknown prompt values not clear / RP has no way to know if server supports prompt=create
The account creation draft defines a new prompt=create value.
It’s unclear how this will be handled by existing servers \(which know nothing about prompt=create\), i.e. [https://openid.net/specs/openid-connect-core-1\_0.html#AuthRequest](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest) does not define how servers should handle unknown prompt values.
Should there be some text in the prompt=create specification along the lines “RPs must only send prompt=create to servers they know support it” and/or should OpenID Provider Metadata be defined to indicate that prompt=create is supported?
More information about the Openid-specs-ab